Legal Notice

Welcome to Hotel Kapellenberg GmbH!

Protecting your privacy and personal data is a high priority for us. With this in mind, we do not collect or use your data except in accordance with the provisions of Regulation (EU) 2016/679 (the General Data Protection Regulation, or GDPR), the German Federal Data Protection Act (BDSG), and the German Tele-Media Act (TMG). In our role as the controller responsible for data processing, we are providing this text to inform you of which data we collect and how we process these data.

1. Personal data

"Personal data" within the meaning of the GDPR means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data are only stored to the extent that this is necessary to perform the service that has been booked, to comply with legal requirements or for the purpose stated below.

2. Anonymized data  / log files

You can visit our website without collection of personal data being necessary. Each time you visit our website, however, certain anonymized data are stored. These data include information on which page or which site you have accessed. These data are not personal data, however, so they do not fall under the statutory provisions of the GDPR or BDSG.

The website operator or page provider collects data on access to the page and stores them as "server log files”. The following data are logged in this way:
Website visited, time of access, quantity of data transferred in bytes, source/referrer from which you reached the page, browser used, operating system used, IP address used.

The data collected are used merely for statistical analyses and to improve the website. The website operator does, however, reserve the right to review the server log files subsequently if there are specific indications of unlawful use.

Anonymous data are collected solely for statistical analysis in order to improve our site and the goods and services we offer. In this regard, please note the point titled "Right to information / right to withdraw consent."

3. Purpose of collection of personal data

The collection of personal data does, however, become absolutely necessary if you wish to use our website to book a room or other services, contact us, subscribe to our newsletter, or use other features of our site that absolutely require personal data.

In accordance with the statutory provisions and with an eye to data economy, the data collected to do this are typically limited only to the data that we require in order to provide the specific service. Where our forms request further information, providing this information is always voluntary and is labeled as such.

The temporary storage of the IP address by the system is necessary in order to make it possible for the website to be delivered to the user's computer. To do this, the user's IP address must remain stored for the duration of the session. Storage in log files also takes place in order to ensure the functionality of the website. We also use these data to optimize the website and ensure the security of our IT systems. The data are not analyzed for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR.

In the event that you book a room or another service, the data collected in the process are used to handle this booking through to completion, for marketing purposes within the scope of the statutory provisions, and for statistical purposes.

The legal basis for sending the newsletter as a result of the sale of goods or services is Sec. 7 (3) of the German Act Against Unfair Competition (UWG).

If you subscribe to our newsletter, we also store and use the data you provide about yourself and your trip when making your booking. This is based on Article 6(1)(f) GDPR and serves to provide you with optimum service as a newsletter subscriber.

The legal basis for the processing of the data after the user registers to receive the newsletter is Article 6(1)(a) GDPR, provided that the user has consented.

We also use the personal data we have stored to maintain customer relationships, for customer care (e.g. information on how your stay was), for inquiries regarding customer satisfaction, and to process orders through to completion.

4. Legal basis for the processing of personal data

To the extent that we obtain consent from the data subject for processing operations, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the case of the processing of personal data that is necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

To the extent that the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person render the processing of personal data necessary, Article 6(1)(d) GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for the processing.

5. Disclosure of personal data to third parties

Your personal data will not be shared with third parties except within the scope of the relevant provisions, particularly those of data protection and competition law.

To the extent necessary in order to perform the contractual service owed by us or to fulfill statutory obligations, your data will also be shared with subcontractors or service providers in order to perform the service in our name or on our behalf (e.g. technical handling of mail and e-mail sending, payment processing, customer service).

In addition, your data will be disclosed to persons or companies to process your booking, particularly to DIRS21, rental car agencies, government agencies, and so on. Please note that the provisions of data protection and privacy law that apply in the locations where these persons and companies are based may vary from those that apply in Germany.

Your data will also be disclosed and transferred to third parties to the extent that we are obligated to do so either by law or based on court proceedings that have been concluded with final, binding legal force.

You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

6. Storage and erasure of data

Your personal data are stored within the scope of the purposes set out under the point "Purpose of collection of personal data." The personal data of the data subject are erased or blocked as soon as the purpose for which they were stored no longer applies. Data may also be stored if this has been set down by the European or national legislatures in regulations under Union law or in laws or other regulations to which the controller is subject. The legislators have established a number of different obligations relating to the storage of data and the time limits that apply. Blockage or erasure of the data also takes place when a storage time limit stipulated by the abovementioned provisions expires unless there is a need to store the data for longer in order to enter into or perform a contract.

7. Use of cookies

We use cookies (small computer files containing text information that the Web server sends to your Internet browser) in order to improve your experience when you visit our online offerings. For example, some notifications appear only one time if you allow us to place a cookie. Our cookies also have an expiration date. If you manually erase your cookies before the expiration date, you will receive a new cookie the next time you visit the page unless you block storage of the cookie.

The technical specifications provide that only the server that has sent a cookie can read that cookie. We assure you that we do not store any personal data in cookies.

If you do not accept cookies, your use of our website will unfortunately be limited. We therefore recommend that cookies be permanently activated for our website. Most Internet browsers are set up to accept cookies automatically.

You can, however, deactivate the storage of cookies and set your Internet browser to notify you as soon as cookies are transmitted.

The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.

The legal basis for the processing of personal data using cookies for analytical purposes is Article 6(1)(a) GDPR, provided that the user has consented to this.

8. Security, questions and suggestions, controller

Security depends on a number of factors, not least among them your system. You should always treat your access information as confidential, never allow your Web or Internet browser to store passwords, and close your browser window when you have finished visiting our website. This makes it harder for third parties to gain access to your personal data.

Be sure to use an operating system that can manage user rights. At home within your family, too, set up multiple users on your system, and never use the Internet under administrator rights. Use security software such as virus scanners and firewalls, and always keep your system up to date.

The controller responsible for this website within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and of other provisions of data protection law is:

Hotel Kapellenberg GmbH
Am Kapellenberg 2
97246 Eibelstadt
Tel.: +49 9303 98007-0
Fax: +49 9303 98007-444
E-Mail: info[at]

9. Right to information / right to withdraw consent; further rights of data subjects

You have the right:

  • to obtain information from us regarding the personal data concerning you that we process, pursuant to Article 15 GDPR. In particular, you can obtain information regarding the purposes of processing, the category of personal data processed, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to rectification or erasure or restriction of processing or to object to such processing, the existence of a right to complain, the source of your data to the extent that they were not collected by us, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the details thereof;
  • to obtain without undue delay the rectification of inaccurate personal data concerning you that are stored by us and to have incomplete personal data concerning you that are stored by us completed, pursuant to Article 16 GDPR;
  • to obtain the erasure of personal data concerning you that are stored by us without undue delay, provided that processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims, pursuant to Article 17 GDPR;
  • to obtain restriction of processing of your personal data where you contest the accuracy of the data, the processing is unlawful and you oppose the erasure of the data, and we no longer need the data, but they are required by you for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to Article 21(1) GDPR, pursuant to Article 18 GDPR;
  • to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to obtain the transmission of those data to another controller, pursuant to Article 20 GDPR;
  • to withdraw your consent, once granted, toward us at any time, pursuant to Article 7(3) GDPR. This will result in our no longer being permitted to continue the data processing based on this consent for the future; and
  • to lodge a complaint with a supervisory authority, pursuant to Article 77 GDPR. You can typically contact the supervisory authority in the location of your habitual residence or place of work or the place of our company registered office to do this.

You have these rights free of charge as a matter of course. To withdraw your consent to the use of data, or to request information or the rectification, blockage or erasure of data or exercise your other rights as a data subject, please contact:

Hotel Kapellenberg GmbH
Am Kapellenberg 2
97246 Eibelstadt
Tel.: +49 9303 98007-0
Fax: +49 9303 98007-444
E-Mail: info[at]